
One recent evening, a message was sent to a WhatsApp school group from T.'s phone. The number had been changed to one with the prefix 963, Syria's prefix.

Only minutes later would it become clear what had happened, but at that moment the name of the WhatsApp group changed. "ONLY VIRUS" was the name the hacker gave the group, and the original name disappeared.

Messages in Arabic began to flow at a fast pace, and the fear level among the parents climbed. Ido Naor, a senior researcher at Kaspersky Lab who was providentially also a member of the WhatsApp group, began investigating. He discovered that, as part of an attempt to access phone numbers for collecting information, the hacker had managed to take over the WhatsApp account of one of the group members and send messages on her behalf to contacts and groups in which she is a member.

So how is the account stolen?

The attacker downloads the WhatsApp application to a fictitious phone and declares that your number is his.

The victim receives an SMS message that is part of the 2-step verification process, which is designed to prevent account hijacking. At the same time, the attacker approaches the victim and persuades him to send him the six digits in the message or click on the link in the message.

Although the SMS message unequivocally states the warning "Do not share the code with anyone", in practice, quite a few users fall victim and share the code with the attacker.

After receiving the code, the hacker enters the six digits on his fictitious phone and takes complete control over the victim's WhatsApp account. The takeover is complete.

According to Naor, this is not a virus, nor a Trojan horse, but a method called social engineering, which aims to fool the victim and persuade him to carry out an action at the attacker's request while being unaware of its consequences. Naor experienced the attacker's mode of operation himself. "After taking over T's WhatsApp account, the assailant continued to contact all the members of the group," explains Naor. "In such a situation, when one victim falls into a group, the trick is to stop the hemorrhage."

Because in many cases the attacker does not change the account's name, the attacker's approach will appear behind the innocent face of a friend or one of the contacts, increasing the likelihood that the recipient will respond to the request.

And the problem does not end here. An examination conducted by Naor shows that there is currently no way to regain control over an account that was hijacked. This means that the attacker will have access to all the details of the WhatsApp account, its messages and its contacts, and can communicate undisturbed with the contacts, using the identity of the victim.

The investigation also shows that once an account is hijacked, it is impossible to reclaim it. The original account holder may open a new WhatsApp account without all the groups he was a member of, but the account details, with all that this implies, remain in the possession of the hijacker.

Other examples of account hijackings were identified in Israel and Europe over the last week, and local forums have been filling with requests for help. Calls to WhatsApp were not answered.

If you receive an SMS containing a verification code (as shown in the picture below), do not send it to anyone; it should be ignored. The code will expire within a short time and the hacker will disappear. So the solution is simple: Ignore!